Skip to content

Implementing OAuth 2.0

Jump to bottom Edit New page
DINH Viêt Hoà edited this page Jul 7, 2013 · 14 revisions

To gather a deeper understanding of the OAuth2 authentication process, refer to: https://developers.google.com/gmail/xoauth2_protocol

For a quick start you may follow this brief set of steps:

  1. Set up a profile for your app in the Google API Console: https://code.google.com/apis/console

  2. With your recently obtained client_id and secret load the following URL (everything goes ina single line):

https://accounts.google.com/o/oauth2/auth?client_id=[YOUR_CLIENT_ID]&
          redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&
          response_type=code&scope=https%3A%2F%2Fmail.google.com%2F%20email&
          &access_type=offline

  1. The user most follow instructions to authorize application access to Gmail.

  2. After the user hits the "Accept" button it will be redirected to another page where the access token will be issued.

  3. Now from the app we need and authorization token, to get one we issue a POST request the following URL: https://accounts.google.com/o/oauth2/token using these parameters:

  • client_id: This is the client id we got from step 1
  • client_secret: Client secret as we got it from step 1
  • code: This is the code we received in step 4
  • redirect_uri: This is a redirect URI where the access token will be sent, for non-web applications this is usually urn:ietf:wg:oauth:2.0:oob (as we got from step 1)
  • grant_type: Always use the authorization_code parameter to retrieve an access and refresh tokens
  1. After step 5 completes we receive a JSON object similar to:
{
    "access_token":"1/fFAGRNJru1FTz70BzhT3Zg",
    "refresh_token":"1/fFAGRNJrufoiWEGIWEFJFJF",
    "expires_in":3920,
    "token_type":"Bearer"
}

The above output gives us the access_token, now we need to also retrieve the user's e-mail, to do that we need to perform an HTTP GET request to Google's UserInfo API using this URL: https://www.googleapis.com/oauth2/v1/userinfo?access_token=[YOUR_ACCESS_TOKEN] this will return the following JSON output:

{
    "id": "00000000000002222220000000",
    "email": "[email protected]",
    "verified_email": true
}
Add a custom footer
Add a custom sidebar
Clone this wiki locally